| Title | Sanitization Management System v1.0 Insufficient Authorization Controls |
|---|
| Description | It was observed that Sanitization Management System v1.0 suffers from insufficient authorization controls whereby an unauthenticated attacker could perform sensitive actions by directly invoking the endpoints, thus gaining full control over the web application.
The following functions are affected and could directly be triggered without authentication:
1. creation, modification and deletion of privileged users
2. access to sensitive information such as inquiries and quote requests belonging to other customers
3. deletion and modification of company information
While user would require a valid session ID to access the administrative functions on the browser, it is possible to directly invoke the endpoints using Burpsuite and access the functions without a UI. |
|---|
| User | jiajian (UID 34329) |
|---|
| Submission | 10/23/2022 18:55 (3 years ago) |
|---|
| Moderation | 10/24/2022 07:43 (13 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 212017 [SourceCodester Sanitization Management System 1.0 missing authentication] |
|---|
| Points | 17 |
|---|